Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||W32/Bugbear.b@mm,, Bugbear.B, PE_BUGBEAR.B, W32.Kijmo, W32.Shamur, Win32.Bugbear.B|
|Effects:||It infects a large number of files on affected computers, it ends processes belonging to security programs, opens the port 1080, captures keystrokes and allows a hacker to gain remote access to the resources of the computer.|
|First detected on:||June 5, 2003|
|Detection updated on:||May 14, 2009|
|Yes, using TruPrevent Technologies|
|Repair utility:||Panda QuickRemover|
It is very easy to become infected by this worm, as it is automatically activated when the message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame. However, Bugbear.B does not always exploit this vulnerability in order to affect the computer.
Bugbear.B carries out the following actions in affected computers:
Bugbear.B is a polymorphic worm, which makes it difficult for antivirus programs to detect.
When spreading across shared network drives, Bugbear.B does not check if the directories it is copying itself to are shared printers. Therefore, if it copies itself to one of these directories, the printer will start printing junk characters.